Add crossorigin attribute and implement step 14 of prepare a script

Add WPT test for HTMLScriptElement crossOrigin IDL attribute

tests/wpt/web-platform-tests/html/semantics/scripting-1/the-script-element/resources/cross-origin.py

@@ -0,0 +1,10 @@
+def main(request, response):
+    headers = [("Content-Type", "text/javascript")]
+    milk = request.cookies.first("milk", None)
+
+    if milk is None:
+        return headers, "var included = false;"
+    elif milk.value == "yes":
+        return headers, "var included = true;"
+
+    return headers, "var included = false;"

tests/wpt/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html

@@ -0,0 +1,49 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>HTMLScriptElement: crossorigin attribute network test</title>
+<link rel="author" title="KiChjang" href="mailto:kungfukeith11@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+  <script type="text/javascript">
+  var test1 = async_test(document.title + "1");
+  var test2 = async_test(document.title + "2");
+  var test3 = async_test(document.title + "3");
+
+  var script1 = document.createElement("script");
+  script1.src = "resources/cross-origin.py";
+  script1.crossOrigin = "use-credentials";
+  var script2 = document.createElement("script");
+  script2.src = "resources/cross-origin.py";
+  script2.crossOrigin = "gibberish";
+  var script3 = document.createElement("script");
+  script3.src = "resources/cross-origin.py";
+
+  document.cookie = "milk=yes";
+  document.body.appendChild(script1);
+  script1.onload = function() {
+    test1.step(function() {
+      assert_true(included, "credentials should be included in script request");
+      test1.done();
+    });
+  };
+
+  document.body.appendChild(script2);
+  script2.onload = function() {
+    test2.step(function() {
+      assert_true(included, "invalid values should default to include credentials due to response tainting");
+      test2.done();
+    });
+  };
+
+  document.body.appendChild(script3);
+  script3.onload = function() {
+    test3.step(function() {
+      assert_true(included, "missing value should default to include credentials");
+      test3.done();
+    });
+  };
+  </script>
+</body>

tests/wpt/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin.html

@@ -0,0 +1,39 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>HTMLScriptElement: crossOrigin IDL attribute</title>
+<link rel="author" title="KiChjang" href="mailto:kungfukeith11@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script id="script1"></script>
+<script id="script2" crossorigin=""></script>
+<script id="script3" crossorigin="foo"></script>
+<script id="script4" crossorigin="anonymous"></script>
+<script id="script5" crossorigin="use-credentials"></script>
+<script>
+test(function() {
+  var script1 = document.getElementById("script1");
+  var script2 = document.getElementById("script2");
+  var script3 = document.getElementById("script3");
+  var script4 = document.getElementById("script4");
+  var script5 = document.getElementById("script5");
+
+  assert_equals(script1.crossOrigin, null, "Missing value default should be null");
+  assert_equals(script2.crossOrigin, "anonymous", "Empty string should map to anonymous");
+  assert_equals(script3.crossOrigin, "anonymous", "Invalid value default should be anonymous");
+  assert_equals(script4.crossOrigin, "anonymous", "anonymous should be parsed correctly");
+  assert_equals(script5.crossOrigin, "use-credentials", "use-credentials should be parsed correctly");
+
+  script1.crossOrigin = "bar";
+  assert_equals(script1.crossOrigin, "anonymous", "Setting to invalid value would default to anonymous");
+
+  script2.crossOrigin = null;
+  assert_equals(script2.crossOrigin, null, "Resetting to null should work");
+
+  script4.crossOrigin = "use-credentials";
+  assert_equals(script4.crossOrigin, "use-credentials", "Switching from anonymous to use-credentials should work");
+
+  script5.crossOrigin = "anonymous";
+  assert_equals(script5.crossOrigin, "anonymous", "Switching from use-credentials to anonymous should work");
+}, document.title);
+</script>